<?php
require_once 'lib/controllerWithoutGetOrPost.php';
/**
 * Change the position of the featured person
 *
 * @return bool
 * @param int $personId
 * @param int $position
 */
function setFeaturingPerson($personId, $position) {
    global $db;
	$queryfeaturingperson = "Select `PersonID` from FeaturingPerson where PersonID = ".$personId;
	$resultfeaturingperson = $db->query($queryfeaturingperson);
	
	if(!empty($resultfeaturingperson)) {
		$queryupdate = "Update FeaturingPerson Set `Position` = ".$position.", `DateAdded` = '".gmdate("Y-m-j H:i:s", time() + 3600*12)."' WHERE `PersonID` = ".$personId;
		$resultupdate = $db->query($queryupdate);
	}
    return $resultupdate === TRUE;
}
$username = $db->escape($_POST['username']);
$password = $db->escape($_POST['password']);
if($username === "amemorytree" && $password === "pass153word") {
    for($i = 0; $i<10; $i++) {
        $field = 'personid'.$i;
        if(!empty($_POST[$field])) {
            $personid = intval($_POST[$field]);
            $position = $i;
            setFeaturingPerson($personid, $position);
        }
    }
}
?>